diff --git a/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java b/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
index 14925846f..46e11007a 100644
--- a/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
+++ b/application/src/main/java/run/halo/app/infra/config/WebServerSecurityConfig.java
@@ -1,6 +1,5 @@
 package run.halo.app.infra.config;
-import static org.springframework.security.config.Customizer.withDefaults;
 import static org.springframework.security.web.server.authentication.ServerWebExchangeDelegatingReactiveAuthenticationManagerResolver.builder;
 import static org.springframework.security.web.server.util.matcher.ServerWebExchangeMatchers.pathMatchers;
@@ -109,7 +108,11 @@ public class WebServerSecurityConfig {
 spec.principal(AnonymousUserConst.PRINCIPAL);
 })
 .securityContextRepository(securityContextRepository)
- .httpBasic(withDefaults())
+ .httpBasic(basic -> {
+ if (haloProperties.getSecurity().getBasicAuth().isDisabled()) {
+ basic.disable();
+ }
+ })
 .oauth2ResourceServer(oauth2 -> {
 var authManagerResolver = builder().add(
 new PatServerWebExchangeMatcher(),
diff --git a/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java b/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
index d67b49549..e10d43385 100644
--- a/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
+++ b/application/src/main/java/run/halo/app/infra/properties/SecurityProperties.java
@@ -18,6 +18,16 @@ public class SecurityProperties {
 private final TwoFactorAuthOptions twoFactorAuth = new TwoFactorAuthOptions();
+ private final BasicAuthOptions basicAuth = new BasicAuthOptions();
+
+ @Data
+ public static class BasicAuthOptions {
+ /**
+ * Whether basic authentication is disabled.
+ */
+ private boolean disabled = true;
+ }
+
 @Data
 public static class TwoFactorAuthOptions {
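Review bot: Nothing in the `.httpBasic(basic -> { ... })` lambda in WebServerSecurityConfig makes it visible at startup that Basic authentication is active when `halo.security.basic-auth.disabled` is set to false; the enabled case is just the empty fall-through of the `if`. Basic sends the account password with every request and, as far as this hunk shows, is configured independently of the two-factor options in SecurityProperties, so an operator should be able to tell from the logs that it is on. Consider an `else` branch that logs a warning, e.g. `log.warn("HTTP Basic authentication is enabled");`, assuming the class has a logger in scope. A comment above the lambda such as `// Basic auth is opt-in; stays off unless halo.security.basic-auth.disabled=false` would also explain why `withDefaults()` was replaced. The builder chain this call belongs to starts and ends outside the hunk.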
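Review bot: The Javadoc on `BasicAuthOptions.disabled` in SecurityProperties states neither the default nor when it is safe to change it. I would write `Whether HTTP Basic authentication is disabled. Defaults to {@code true}; set to {@code false} only when clients require Basic and the site is served over TLS.` The negative name also forces the double negative `disabled: false` to switch the feature on; an `enabled` flag defaulting to `false` would read more directly, though that changes the property key. Because the previous code enabled Basic unconditionally, deployments whose API clients rely on it will presumably see those requests rejected after upgrade unless they set the property, which deserves a release note.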
diff --git a/application/src/main/resources/application-dev.yaml b/application/src/main/resources/application-dev.yaml
index 4475d9699..62a31d4a6 100644
--- a/application/src/main/resources/application-dev.yaml
+++ b/application/src/main/resources/application-dev.yaml
@@ -15,6 +15,9 @@ spring:
 use-last-modified: false
 halo:
+ security:
+ basic-auth:
+ disabled: false
 console:
 proxy:
 endpoint: http://localhost:3000/
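Review bot: The dev profile re-enables Basic authentication under `halo.security.basic-auth` with no comment saying it is meant for local development, so the three added lines are easy to copy into a production profile unchanged. A one-line comment above the key would make the intent explicit, e.g. `# Local development only: re-enables HTTP Basic, which is disabled by default`.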